Updated python-twisted-web packages fix a security vulnerability
Publication date: 12 Oct 2016
Modification date: 12 Oct 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-1000111
Description
It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a CGI script to an attacker-controlled proxy via a malicious HTTP request. (CVE-2016-1000111)
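The header-to-environment mapping described above, shown as an added example with the unsafe behaviour beside a hardened one. This is not Twisted's code or the Mageia patch; the function names, the `drop_proxy` parameter and the sample headers are assumptions made for illustration.

```python
# Added example: generic CGI-style environment construction, where each
# request header "Name" becomes the meta-variable HTTP_NAME.

def build_cgi_env(headers, base_env=None, drop_proxy=True):
    """Map client request headers to CGI meta-variables.

    headers    -- iterable of (name, value) pairs as sent by the client
    base_env   -- environment set by the server operator (may hold a
                  legitimate HTTP_PROXY)
    drop_proxy -- True discards the client's Proxy header (hardened);
                  False reproduces the flawed mapping
    """
    env = dict(base_env or {})
    for name, value in headers:
        key = name.upper().replace("-", "_")
        if key in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            env[key] = value  # these two carry no HTTP_ prefix
            continue
        if drop_proxy and key == "PROXY":
            continue  # never let a request header become HTTP_PROXY
        env["HTTP_" + key] = value
    return env


def proxy_seen_by_client(env):
    """Proxy an HTTP client trusting HTTP_PROXY would use (None = direct)."""
    return env.get("HTTP_PROXY")


# Constructed sample data, not taken from the advisory.
SAMPLE_HEADERS = [
    ("Host", "www.example.test"),
    ("User-Agent", "example-client/1.0"),
    ("Proxy", "http://proxy.example.invalid:8080"),
]
OPERATOR_ENV = {"HTTP_PROXY": "http://corp-proxy.example.test:3128"}

if __name__ == "__main__":
    flawed = build_cgi_env(SAMPLE_HEADERS, OPERATOR_ENV, drop_proxy=False)
    fixed = build_cgi_env(SAMPLE_HEADERS, OPERATOR_ENV)
    print("flawed mapping, script proxy:", proxy_seen_by_client(flawed))
    print("hardened mapping, script proxy:", proxy_seen_by_client(fixed))
```

With the flawed mapping the request header also overwrites a proxy the operator configured; the hardened mapping leaves the operator's value in place.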
References
SRPMS
5/core
- python-twisted-web-14.0.1-3.1.mga5